Startup Adapting MEMS Technology for RFID Authentication

Veratag is a startup that is using MEMS resonator technology to create RFID tags with unique "voiceprints" that make them virtually unclonable. The company plans to pursue authentication and transaction security applications.

April 23, 2008—Startup Veratag of Cohoes, New York, is adapting tiny micro electromechanical systems (MEMS) components to create chips that can be read wirelessly and are nearly impossible to duplicate. The firm says the MEMflake technology it is developing is more secure than traditional, encryption-based RFID tags and could be used to authenticate products and protect electronic passports and payment cards.

MEMSflakes are based on MEMS resonators, which have been used in atomic microscopes to measure molecular structures for about 20 years, and are now being developed to replace crystal oscillators in electronics production, Veratag CEO Dr. John Schneiter, PhD, told RFID Update. Each MEMS resonator creates a unique signal, or "voiceprint," which can't be cloned and can be used to authenticate the chip, Schneiter said. Each voiceprint is unique but falls within a defined band so separate readers do not have to be developed for each chip. However, MEMflakes can't be read with RFID readers currently on the market.

"We're taking advantage of a fundamental problem that has plagued MEMS resonators -- no two are the same," Schneiter said. "The way MEMS resonators behave is very unique and their signals can't be copied with standard electronics."

Veratag wants to commercialize wireless chips and readers based on MEMS resonators. The chips could be used to authenticate products, or to facilitate secure reads of payment cards, electronic passports, and other documents. Veratag positions the technology as a superior approach to traditional encryption, which it says adds cost to chips and slows read performance.

"Encryption works really, really well, except people are always gunning for it," Schneiter said. "But the Achilles Heel of encryption is key management, which I think has a lot of people frustrated. With MEMflakes there are no keys to manage. The signatures could even be made public, because they are practically unclonable."

Background material on Veratag's website says the odds of cloning a MEMflake can be higher than one in a trillion trillion (1 followed by 24 zeros).

MEMflakes can be produced with today's chip fabrication equipment and support frequencies from approximately 50 KHz to 100 MHz, according to Schneiter. He said Veratag is concentrating on developing chips that operate around 13.56 MHz and can be read from up to 10 centimeters away.

MEMflakes could be used together with traditional RFID tags or in place of them for authentication and security applications, Schneiter said. For example, because each MEMflake has a unique signature, MEMflakes could be used instead of traditional RFID chips for product authentication. Or, chips could be used together to safeguard communication. The MEMflake chip would receive a signal from a secure reader, which would authenticate the reader before allowing a second RFID chip to transmit its stored data.

"Ultimately we imagine hybrid approaches to security," Schneiter said. "Whether it's on a single chip or dual chips remains to be seen."

MEMflakes themselves can't be encoded with data, but can be created with unique frequency patterns that can serve as identifiers. "We can impose frequencies, and patterns of frequencies, on these chips when they are manufactured," Schneiter said. "It's akin to the approach taking with the EPCglobal standards, which reserve one set of bits to identify the manufacturer, another for a unique serial number, and so on."

Veratag has three patents pending, including two it licensed from the Craighead Research Group at Cornell University, where MEMS resonator research and development is taking place. Veratag formed in late 2006 and is currently seeking more venture funding to continue product development and add staff to the three-person company.

Veratag is targeting the RFID market for its innovation because of its growth potential, especially for payment card and identification applications. Schneiter said it is difficult to assess whether current RFID security is adequate, because new applications are emerging and the scale of use is growing to unprecedented levels.

"Now that the technology is getting ubiquitous and more and more systems depend on it, the threats are getting more serious," he said. A recent Dutch government warning that RFID fare cards could be compromised underscores the point (see Yet Another RFID Hack Could Affect Up To 1 Billion Cards).